CLAIMS 

What is claimed is: 



1 1 . A method of preventing an attack on a network, wherein the attack comprises 

2 injecting a spurious transmission control protocol (TCP) segment into a TCP connection 

3 between a sender and a receiver, the method comprising the computer-implemented steps of: 

4 receiving a TCP segment carrying an ACK value; 

5 determining whether the ACK value is less than the difference of a next 

6 unacknowledged sequence value and a lesser of either (a) a total number of 

7 bytes sent in the TCP connection or (b) a maximum window size associated 

8 with the TCP connection; and 

9 discarding the TCP segment when the ACK value is less than the difference of a next 

10 unacknowledged sequence value and the lesser of either (a) the total number 

1 1 of bytes sent in the TCP connection or (b) the maximum window size 

12 associated with the TCP connection. 

12. A method as recited in Claim 1, wherein the steps are performed by an endpoint node 
2 acting as the receiver of data in the TCP connection. 

1 3. A method as recited in Claim 1, wherein the steps are performed by a TCP 

2 application of an operating system of a network infrastructure element. 

14. A method as recited in Claim 1, wherein the steps are performed by a TCP process, 

2 stack, adapter or agent hosted by or associated with an operating system of a personal 

3 computer, workstation or other network end station. 

1 5. A method as recited in Claim 1, wherein the maximum window size comprises a 

2 maximum TCP sequence value window size that an endpoint node in the TCP connection can 

3 manage without regard to any change in current window size that either endpoint may 

4 establish during the TCP connection. 
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16. A method as recited in Claim 1 , 

2 wherein the determining step comprises determining whether the ACK value is equal 

3 to an expected ACK value or a range of values less than an initial sequence 

4 value window; and 

5 wherein the discarding step comprises discarding the TCP segment when the ACK 

6 value is equal to an expected ACK value or a range of values less than an 

7 initial sequence value window. 

17. A method of preventing an attack on a network, wherein the attack comprises 

2 injecting a spurious transmission control protocol (TCP) segment into a TCP connection 

3 between a sender and a receiver the method comprising the computer-implemented steps of: 

4 receiving a first TCP segment carrying a sequence value; 

5 determining whether the sequence value is equal to a next expected sequence value; 

6 when the sequence value is equal to a next expected sequence value, determining 

7 whether data carried in the first TCP segment overlaps data carried in one or 

8 more second TCP segments that were previously received in a re-assembly 

9 buffer; and 

10 discarding the one or more second TCP segments fi-om the re-assembly buffer when 

1 1 the first TCP segment overlaps any data segment previously received in the 

1 2 re-assembly buffer. 

1 8. A method as recited in Claim 7, wherein the discarding step comprises discarding all 

2 TCP segments that are in the re-assembly buffer. 

1 9. A method as recited in Claim 7, wherein the data carried in the first TCP segment 

2 overlaps data carried in the one or more second TCP segments that were previously received 

3 in the re-assembly buffer when a first sum of a first sequence value and data length carried in 

4 the first TCP segment is less than a second sequence value carried in any of the second 

5 segments. 
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1 10. A method as recited in Claim 7, wherein the discarding step is performed when the 

2 first TCP segment completely overlaps any data segment previously received in the re- 

3 assembly buffer. 

1 11. A method as recited in Claim 7, further comprising the step of sending an 

2 acknowledgment message that acknowledges data the sequence values of the first TCP 

3 segment. 

1 12. A method as recited in Claim 7, wherein the steps are performed by an endpoint node 

2 acting as the receiver of data in the TCP connection. 

1 13. A method as recited in Claim 7, wherein the steps are performed by a TCP 

2 application of an operating system of a network infrastructure element. 

1 14. A method as recited in Claim 7, wherein the steps are performed by a TCP process, 

2 stack, adapter or agent hosted by or associated with an operating system of a personal 

3 computer, workstation or other network end station. 

1 15. An apparatus for preventing an attack on a network, wherein the attack comprises 

2 sending a spurious transmission control protocol (TCP) segment with a spurious or unwanted 

3 DATA, comprising means for performing any of the steps of Claims 1, 2, 3, 4, 5, 6, 7, 8, 9, 

4 10, 11, 12, 13, or 14. 
5 

1 16. An apparatus for preventing an attack on a network, wherein the attack comprises 

2 sending a spurious transmission control protocol (TCP) segment with spurious or 

3 unwanted DATA, comprising: 

4 a processor; 

5 one or more stored sequences of instructions that are accessible to the processor and 

6 which, when executed by the processor, cause the processor to carry out the 

7 steps of any of Claims 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 1 1, 12, 13, or 14. 
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1 17. A computer-readable medium carrying one or more sequences of instructions for 

2 preventing an attack on a network, wherein the attack comprises sending a spurious 

3 transmission control protocol (TCP) segment with unwanted or spurious DATA , wherein the 

4 execution of the one or more sequences of instructions by one or more processors causes the 

5 one or more processors to perform the steps of any of Claims 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 1 1, 

6 12, 13, or 14. 
7 

7 
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